Yet another blog around EUC and more especially on Omnissa stuffs
I’ll not talk about the configuration of AD FS itself but how to create the relying party for both Workspace ONE Access and UAG… spoiler: the configuration is not the same 🙂
So here the common part who consist to the creation of the Relying Party Trusts:
Open you AD FS Manager, select “Relying Party Truts” and with the select “Add Relying Party Trust…“
This tuto will show you how to configure Azure AD as a 3rd party Identity Provider for Workspace One Access.
Note : In my case, the default Azure AD domain is alfadir.onmicrosoft.com but in order to match with my on-premise Active Directory I had to use not the email address or UPN but the “Alternate email”
So the first thing to do is to create a “New Application” in Azure, once logged on Azure Portal as Admin, select “Azure Active Directory“, then on the left pane, select “Enteprise applications” and click “New Application“:
Recently I had to work on a project that imply Shibboleth as IdP (Identity Provider), so you will see below how to configure it in Workspace One Access as a 3rd party IdP.
One of the major issue with Shibboleth (in my case) is it only provides a samAccountName but not a UserPrincipalName (upn), so basically the User name without the domain name (eg. e.monjoin but not e.monjoin@mydomain.dom). It works in many situation excepted in a multi domain configuration where you can potentially have the same username in two different domain and you have a trust relationship between them (eg. e.monjoin@finance.domain.com and e.monjoin@technical.domain.com). In this case WS1 Access will not be able to choose a account you will see the following error :
Ok okkkkkk, I know that could be weird at first sight but I had a request from a customer to assist in the deployment of UAG 3.9 on Hyper-V in a “Dual DMZ” configuration.
The Back End UAG is deployed on vSphere but the the front-end should run on the DMZ hypervisors who are…. Windows 2019 Core / Hyper-V
So when we look at the files required to perform this installation we need to download 2 files :
I recently had an issue with one of my App Volumes server: even if my server was down in an App Volumes point of view (connection lost the database), my Kemp load balancer see it up and running because: the web interface was up and favicon.ico was also available.
The template for App Volumes (part of Horizon 7 Template) is, in my opinion not complete and it missed the right way to configure health check
So the right way to configure load balancer ‘s health check is the following :
For Kemp :
Ok so I made some test recently on installing VMware EUC components or Core version of Windows Server. It works with Horizon and App Volumes but I got information that installing Workspace One Access Connector on Core didn’t work as expected 🙂
With Workspace One Access 20.01 you have the choice to use the new Connector in version 20.01 as well or a Legacy connector ie. version 19.03 from the previous version of Workspace One Access.
Why 2 connectors ? because the latest version so 20.01 is unable to be used when you need to use “Virtual Apps”
I had to validate how to migrate WS1 Access database to another SQL Server.
This test concerns a dual-site configuration with 3 active nodes (R/W) on Site-A et 3 passive nodes on site B (R/O).
The first thing I did, was to set all nodes to passive (so read-only for all) so no more update will be done on the database.
After that I made a SQL backup of my database and copied it the new MS SQL Server.
I recently have a customer requesting to install VMware Horizon on a Windows 2019 Core server. Most of customers prefer to have the “Desktop Experience” but for security reason some other prefer to limit to shell only interface.
Before installing VMware Horizon, ensure that all updates are applied to Windows 2019 Core (I had some strange behavior before doing that, like impossible to have the Flex Admin console or get “Login failed” on the new HTML 5 consoles)
The first main concern is getting signed certificate ready so Horizon will use it instead of its self signed certificate.
After copying the certificate in a local folder :
1 ) From the Administrator command prompt, type “powershell” to execute PowerShell command
When working on EUC and SDDC solutions (and yes now for everything) we have to use certificates.
I mostly used Microsoft Certificate Services for all my internal servers and a Public wildcard certificate for external access. So to create certificate, the best is to used the Windows MMC and the export the certificate as .PFX to get both the certificate and the private key used to generate it.
However some product like Workspace One Access ask for certificate as PEM format so I used the following script to convert PFX to PEM with OpenSSL.
It’s a batch script who need two arguments, the first one is the name of the certificate without the extension and the second argument is the password used to encrypt Private key
Eg. my PFX certificate is myserver.mydomain.local.pfx so I juste have to type : pfx2pem.bat myserver.mydomain.local mypassword
Recent Comments